Mirai botnet races. It seems like we have a winner.

We’ve already told about huge DDoS (distributed denial of service) attack on Dyn, the biggest one to use Mirai IoT malware code. The result of the malware is a number of hacked IoT devices. The Mirai authors provide everyone who is ready to pay with DDoS attacks.

The Mirai works by scanning the internet for insecure devices and turning them into bots that accomplish cyberattacks. Now the creators claim to have developed new version of Mirai able of infecting new devices, namely routers. Such an alternation allows them substantial increase of bots available. One of the hackers said to have more than one million devices hacked.

According to the security researcher MalwareTech, the two hackers control 75% of the Mirai devices that are on the internet, that is approximately 400,000 items. Dale Drew, chief security officer at Level3 Communication, suggests the number of 500,000.

BestBuy, one of the hackers, started the “advertising campaign” of the Mirai botnet via spam messages through chat protocol XMPP.Jabber. They presented the rate card, as well: for $2000, a client gets 20,000 – 25,000 nodes for one-hour attack over two weeks, 15 minutes “cool-down” needed. $15,000 – $20,000, the one can get 600,000 bots for a two-hour attack, 15-30 minutes cool-down required.

The two hackers say that they have one bigger botnet that allows them to hack devices earlier than their competitors. This can be their way to getting monopoly over the Mirai hacked devices.

Luckily, as BestBuy says they have the ethical limits. They blacklist certain IPs for they cannot be hurt.